Ivanti ≫ Avalanche

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.